diff --git a/policy/modules/apps/firewallgui.te b/policy/modules/apps/firewallgui.te
index 910a3f4f..0bbd523f 100644
--- a/policy/modules/apps/firewallgui.te
+++ b/policy/modules/apps/firewallgui.te
@@ -24,36 +24,37 @@ manage_files_pattern(firewallgui_t,firewallgui_tmp_t,firewallgui_tmp_t)
 manage_dirs_pattern(firewallgui_t,firewallgui_tmp_t,firewallgui_tmp_t)
 files_tmp_filetrans(firewallgui_t,firewallgui_tmp_t, { file dir })
 
-files_manage_system_conf_files(firewallgui_t)
-files_etc_filetrans_system_conf(firewallgui_t)
-
-corecmd_exec_shell(firewallgui_t)
-corecmd_exec_bin(firewallgui_t)
-consoletype_exec(firewallgui_t)
-
 kernel_read_system_state(firewallgui_t)
 kernel_read_network_state(firewallgui_t)
 kernel_rw_net_sysctls(firewallgui_t)
 kernel_rw_kernel_sysctl(firewallgui_t)
 kernel_rw_vm_sysctls(firewallgui_t)
 
+corecmd_exec_shell(firewallgui_t)
+corecmd_exec_bin(firewallgui_t)
+consoletype_exec(firewallgui_t)
+
+dev_read_urand(firewallgui_t)
+dev_read_sysfs(firewallgui_t)
+
+files_manage_system_conf_files(firewallgui_t)
+files_etc_filetrans_system_conf(firewallgui_t)
 files_read_etc_files(firewallgui_t)
 files_read_usr_files(firewallgui_t)
 files_search_kernel_modules(firewallgui_t)
 files_list_kernel_modules(firewallgui_t)
 
+iptables_domtrans(firewallgui_t)
+iptables_initrc_domtrans(firewallgui_t)
+
 modutils_getattr_module_deps(firewallgui_t)
 
-dev_read_urand(firewallgui_t)
-dev_read_sysfs(firewallgui_t)
-
-nscd_dontaudit_search_pid(firewallgui_t)
-nscd_socket_use(firewallgui_t)
-
 miscfiles_read_localization(firewallgui_t)
 
-iptables_domtrans(firewallgui_t)
-iptables_initrc_domtrans(firewallgui_t)
+userdom_dontaudit_search_user_home_dirs(firewallgui_t)
+
+nscd_dontaudit_search_pid(firewallgui_t)
+nscd_socket_use(firewallgui_t)
 
 optional_policy(`
 gnome_read_gconf_home_files(firewallgui_t)
diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te
index 7243acc0..0b1ca38a 100644
--- a/policy/modules/apps/mozilla.te
+++ b/policy/modules/apps/mozilla.te
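Review bot: In policy/modules/apps/firewallgui.te, `userdom_dontaudit_search_user_home_dirs(firewallgui_t)` is the only new rule in the hunk; every other changed line is an existing call moved to a new position, so the functional change is easy to miss in review. A dontaudit rule grants nothing and only silences the AVC record, so the reason for it should be written next to it, for example `# Launched from the user's session; the home directory search is not needed and only generates noise` if that is in fact the cause (inferred, not visible in the hunk). When this domain is triaged later, denials hidden by dontaudit rules can be made visible again with `semodule -DB`.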
@@ -346,8 +346,10 @@ term_getattr_all_ttys(mozilla_plugin_t)
 term_getattr_all_ptys(mozilla_plugin_t)
 
 userdom_rw_user_tmpfs_files(mozilla_plugin_t)
+userdom_delete_user_tmpfs_files(mozilla_plugin_t)
 userdom_stream_connect(mozilla_plugin_t)
 userdom_dontaudit_use_user_ptys(mozilla_plugin_t)
+userdom_read_user_home_content_files(mozilla_plugin_t)
 
 optional_policy(`
 alsa_read_rw_config(mozilla_plugin_t)
diff --git a/policy/modules/services/clamav.te b/policy/modules/services/clamav.te
index f9af97c2..532fa91f 100644
--- a/policy/modules/services/clamav.te
+++ b/policy/modules/services/clamav.te
@@ -64,6 +64,8 @@ logging_log_file(freshclam_var_log_t)
 allow clamd_t self:capability { kill setgid setuid dac_override };
 dontaudit clamd_t self:capability sys_tty_config;
 
+allow clamd_t self:process signal;
+
 allow clamd_t self:fifo_file rw_fifo_file_perms;
 allow clamd_t self:unix_stream_socket { create_stream_socket_perms connectto };
 allow clamd_t self:unix_dgram_socket create_socket_perms;
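Review bot: In policy/modules/apps/mozilla.te, the added `userdom_read_user_home_content_files(mozilla_plugin_t)` is unconditional, and going by the interface name it lets the browser plugin domain read the user's home content files. That is a much larger widening of the plugin confinement than the tmpfs delete added two lines above it. The hunk gives no indication of which plugin or use case needs it. I would wrap the call in a `tunable_policy` block keyed on a boolean that defaults to off (name to be chosen by the maintainers), or replace it with an interface limited to the specific file types the plugin has to read. Either way, add a comment above it naming the use case so the grant can be revisited.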